launchpad-dev team mailing list archive

Thread
Date

Re: Describing access policies in bug and branch UI

From: curtis Hovey <curtis.hovey@xxxxxxxxxxxxx>
Date: Wed, 07 Dec 2011 13:31:32 -0500
Cc: Launchpad Development Team <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAKiYkZLvxC0joKjzUGkmb3NTqXmG1kdz9+TKBPmE3oWQh2JFGw@mail.gmail.com>
Organization: Canonical Ltd.
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111124 Thunderbird/8.0

On 12/07/2011 12:17 PM, Matthew Revell wrote:
>>> To clarify: I think it should still be the security team, even if the
>>> security bug is public.
>>
>> No user has ever reported a bug suggesting a restriction of who can
>> change the status.
> 
> It seems to me like it offers the same potential for the, usually
> well-meaning, meddling that we've seen elsewhere. We restrict certain
> bug statuses, so why not restrict who can remove a bug's security tag?

1. I do not think this issue has been demonstrated to be a problem.
2. I should be able to undo my mistake
3. Lp currently requires me to say an issue is security
   so that I can later say it is just private.
   See bug 136937 reported by the esteemed Mr. jml.

The Embargoed Security bug case:
The only people who can access an embargoed security bug are those users
who are working the issue. Usually the security contact for a single
project. When other projects are added to the bug, their security
contacts get access. The only user who might not be a security contact
is the reporter. The bug reporter does need the power to correct
mistakes so that the correct information is available to the project.

The Unembargoed security bug case:
Everyone can see it, and any can change it. Someone could wrongly change
the bug to public (non-security) not understanding that a fix security
bug is still a security issue for unknown projects that used old libs or
cargo-culted dangrous code. The security teams, still subscribed, will
be notified by email and may choose to correct the data.

I do not think there is a problem, but I do favour a more comprehensive
behaviour for bug/branch visibility that reflects both responsibility
and extra services that Lp provides.

All users can see
    Public, Embargoed Security
Project security users see
    Public, Embargoed Security, Unembargoed Security
Commercial project users see
    Public, Embargoed Security, Unembargoed Security, Private
Admins and bots see
    Public, Embargoed Security, Unembargoed Security, Private, User Data

-- 
Curtis Hovey
http://launchpad.net/~sinzui

Attachment: signature.asc
Description: OpenPGP digital signature

References

Describing access policies in bug and branch UI
From: curtis Hovey, 2011-11-23
Re: Describing access policies in bug and branch UI
From: Martin Pool, 2011-11-30
Re: Describing access policies in bug and branch UI
From: Matthew Revell, 2011-12-01
Re: Describing access policies in bug and branch UI
From: Matthew Revell, 2011-12-01
Re: Describing access policies in bug and branch UI
From: curtis Hovey, 2011-12-01
Re: Describing access policies in bug and branch UI
From: Matthew Revell, 2011-12-07